Computer Applications and Software, 2017, Vol. 34, Issue (2): 325-333, 9. DOI: 10.3969/j.issn.1000-386x.2017.02.059
A RUNTIME DETECTION METHOD FOR KERNEL NON-CONTROL-DATA ATTACKS
Abstract
Operating system security is the foundation and prerequisite of computer system security, and it depends mainly on the security of the system kernel. By tampering with key data structures inside kernel space, kernel non-control-data attacks induce kernel vulnerabilities and a series of stability problems, which severely affect the security of the operating system and even that of the whole computer system. Thus, a runtime detection method based on the Kprobes debugging mechanism and a monitor kernel thread is proposed. The former is used to monitor the execution of key kernel functions and to check the consistency of related dynamic data structures, while the latter is used to check the invariance of some static kernel data structures. The corresponding prototype, named KNCDefender, is designed and implemented in C on the Linux platform, and a series of experiments for verification and performance testing have been carried out. Experimental results show that the method proposed in this paper is completely lightweight, and that various attacks against kernel non-control data can be detected in a timely manner.
Keywords
Operating system security / Security of kernel / Kernel non-control-data attacks / Kprobes debugging mechanism
Classification
Information technology and security science
Cite this article
Huang Jie (黄杰), Zhai Gaoshou (翟高寿). A runtime detection method for kernel non-control-data attacks [J]. Computer Applications and Software, 2017, 34(2): 325-333, 9.
Funding
Fundamental Research Funds for the Central Universities (2009JBM019)
State Scholarship Fund of China (201307095025)